Have you been using an app called WhatsApp Plus? Well, stop that at once! You see, WhatsApp have banned some users from using the app for 24 hours because it is a third party application and it violates the ‘terms of service’.
WhatsApp have asked their users to uninstall WhatsApp+ and install the authorised version of WhatsApp from official website or Google Play if they want to resume normal service. This other app isn’t related to WhatsApp, which means it has code that isn’t supported by the company and, worse still, if you get hacked and your details and photos leak, they won’t be taking any responsibility for it.
So if you’ve been sending photos of your junk to people through this third party app, you’re asking for trouble.
WhatsApp are treating the Plus app as malware and, in their FAQ section, they’ve said: “WhatsApp Plus is an application that was not developed by WhatsApp, nor is it authorised by WhatsApp. The developers of WhatsApp Plus have no relationship to WhatsApp, and we do not support WhatsApp Plus. Please be aware that WhatsApp Plus contains source code which WhatsApp cannot guarantee as safe and that your private information is potentially being passed to 3rd parties without your knowledge or authorization.”
In short – stop using it, alright? Good.
Edward Snowden – the NSA whistleblower – is making some bold claims again, this time, saying that Apple’s iPhones have built-in spy software that can be used to track you. That’s some bad PR for Apple if it turns out to be true, eh?
Snowden’s lawyer says that this software can be activated without the user knowing, and remotely.
“Edward never uses an iPhone, he’s got a simple phone,” says Anatoly Kucherena. “The iPhone has special software that can activate itself without the owner having to press a button and gather information about him, that’s why on security grounds he refused to have this phone.”
Of course, this is at odds with Apple’s recent campaigns to improve privacy for users. You may recall Apple saying that it would be nigh-on impossible for government officials to get personal data from those using iOS 8. Apple have also pushed for stronger privacy protection policies, along with a number of other big tech firms.
According to the Independent, the NSA have published documents that reveal how GCHQ (the British intelligent agency) used this software in the iPhone – known as its UDID – to keep tabs on some people. These documents don’t refer to specific spyware, but there might be more documents on the way.
Kucherena did note that, while Edward Snowden doesn’t use an iPhone, if you want to, no-one is stopping you. Very kind of him that.
The Sky Broadband Shield internet filter will help protect the nippers from any adult content, and will be rolled out to all their users on an opt-out type scene.
The company have already been emailing their customers about the modesty blanket, saying that they’re getting it whether they like it or not, regardless of whether children are on hand to be alarmed by the likes of gunfire, screaming and baps.
The Sky Broadband Shield internet filter blocks sites deemed inappropriate for kids under the age of 13 during daytime hours, when they should be at school anyway, rather than seeking out wangs on xtube.
Lyssa McGowan, brand director of communications products at Sky, said about the Sky Broadband Shield internet filter: “We’re all aware that cyberspace can present security risks, and that the internet isn’t universally suitable for children. At Sky, when it comes to online safety for all, we take our responsibility very seriously and we want what is best for our customers.”
“What we’re doing now is simply making sure that the automatic position of Sky Broadband Shield is the safest one for all – that’s ‘on’, unless customers choose otherwise.”
So, keep an ear out for people ringing Sky’s customers services and saying “Why yes… I’d like to watch dirty films with my internet connection…”
On OS X Yosemite, you may have noticed that Apple’s Spotlight search function is rather sophisticated, allowing you to search the web as well as peering into your machine for content too. All very clever.
However, it also has a flaw that could well expose your local information to nefarious types. Not so clever.
So what’s going on? Well, the weakness focuses on Apple Mail. Basically, as Spotlight Search indexes emails that have been received within Apple’s email service, it also shows previews of your emails, your images and such.
All a hacker would need to do is to insert a tracking pixel into one of your email’s images and hey presto! They could well be enjoying access to your data!
While the email is in your inbox, you can ignore scams, but Spotlight’s preview function opens up a vulnerability. Seeing as Spotlight opens previews of your junk and spam messages, this could be a problem. Even if you have switched off the “load remote content in messages” feature, it doesn’t exactly fix the problem.
Until Apple issue a fix, the best thing for you to do is to go to your Mac System preferences and switch off email indexing.
So what does that mean on a day-to-day basis? Cameron doesn’t like the fact that certain messaging apps are encrypted, which means your messages are private and the PM wants to be able to see inside them, y’know, just in case you’re a terrorist. So if you use Snapchat or WhatsApp, they could end up being blocked, nationwide.
Apple’s iMessage and FaceTime also have encrypted data, which is no good for a man who wants to increase surveillance and revive the Snoopers Charter, which helps the government to peer into your internet goings-on.
Cameron said: “In our country, do we want to allow a means of communication between people which we cannot read?” The answer for most sensible people is ‘Yes, actually.’ Of course, there’s going to be some people saying ‘I don’t care – I’m not doing anything wrong so why should I be bothered that someone’s looking at my boring messages?’ To those, we admire your belief that government officials won’t end up losing all your private messages and them ending up online or, indeed, misreading some joke you made which sees you getting called in for questioning.
The short version is this: Are you happy with a Prime Minister who says that there should be no “means of communication” which “we cannot read”?
Of course, companies like WhatsApp are committed to keeping their services encrypted and unreadable by authorities, which is something that has become a real point of principle in the aftermath of Edward Snowden’s claims about NSA surveillance.
Privacy groups are, as expected, angry at the idea of governments being able to snoop around your private correspondence, so this is a row that’s only going to get louder in the coming weeks. There’s an election afoot, so we’ll have to see how Cameron plays it.
A vulnerability has been found on the Moonpig website which means a ne’er-do-well could get at all your details, including your card number… and it looks like the card-vendor isn’t doing anything about it.
Despite their hokey ‘Oh, we’re just a little company with a crappy hand drawn logo, not like those awful huge businesses’ image, Moonpig actually have millions of customers and have sold around 6 million cards.
Website ifc0nfig.com had a look at the security of the Moonpig site and, after ferreting around said: “I’ve seen some half-arsed security measures in my time but this just takes the biscuit. Whoever architected this system needs to be waterboarded.”
Moonpig’s site uses a basic authentication rather than a session key, which isn’t great and from that point on, continues to get worse. Basically, what was found was that “an attacker would find it very easy to build up a database of Moonpig customers along with their addresses and card details in a few hours”, which is rather unpleasant and very shoddy on behalf of the company.
And to make matters worse, Moonpig aren’t at all bothered.
After the vulnerability was discovered, trying to be responsible, the site contacted Moonpig. They contacted them in 2013! And now, there’s nothing being done.
Here’s what the site said:
18th Aug ’13 – (yes, 2013!) Initial contact made with vendor. After a few e-mails back and fourth their reasoning was legacy code and they’ll “get right on it”.
26th Sep ’14 – Follow up e-mail. Issue still not resolved. ETA “after Christmas”
5th Jan ’15 – Vulnerability still exists with ample amount of time given to vendor to fix the issue.
Initially I was going to wait until they fixed their live endpoints but given the timeframes I’ve decided to publish this post to force Moonpig to fix the issue and protect the privacy of their customers (who knows who else knows about this!). ~17 months is more than enough time to fix an issue like this. It appears customer privacy is not a priority to Moonpig.
If you’re really techie and want to see what this all looks like under the hood, check out the site’s report on it all.
Why? They reckon that this is all for your own protection.
Marriott have signed a petition (which you can see here) before the FCC so they can clarify or tinker with the rules that cover interference for unlicensed spectrum bands. In plain language, they want to be able to jam the network on their premises.
You can assume that this means they’ll introduce their own hotspot, which they’ll charge customers for and, if you don’t want in, your devices won’t be able to pick up any signal. Of course, Marriott have previous, as they’ve already been fined for jamming those on their premises in Nashville.
Marriott have said in response: “We understand there have been concerns regarding our position on the FCC petition filing, perhaps due to a lack of clarity about the issue. To set the record straight it has never been nor will it ever be Marriott’s policy to limit our guests’ ability to access the Internet by all available means, including through the use of personal Mi-Fi and/or Wi-Fi devices. As a matter of fact, we invite and encourage our guests to use these Internet connectivity devices in our hotels. To be clear, this matter does not involve in any way Wi-Fi access in hotel guestrooms or lobby spaces.”
“The question at hand is what measures a network operator can take to detect and contain rogue and imposter Wi-Fi hotspots used in our meeting and conference spaces that pose a security threat to meeting or conference attendees or cause interference to the conference guest wireless network.”
“In light of the increased use of wireless technology to launch cyber-attacks and purposefully disrupt hotel networks, Marriott along with the American Hotel & Lodging Association on behalf of the entire hotel industry is seeking clarity from the FCC regarding what lawful measures a network operator can take to prevent such attacks from occurring. We feel this is extremely important as we are increasingly being asked what measures we take to protect our conference and meeting guests and the conference groups that are using Wi-Fi technology in our hotels.”
What do you make of that? On social media, there’s a lot of people calling bullshit on the whole thing, with Marriott cutting and pasting a link to the above statement.
The nosin’ around was part of research done by Redcentric, who also declared that 21% of the 1,000 questioned would only change their password when they were prompted.
A third of the respondees admitted that their passwords contained their names or birth date. The clots. 17% of the 1,000 also said that they kept password details on their phone or computer.
A Redcentric spokesperson said: “Online security is paramount in this day and age, especially as people are able to carry out more day-to-day tasks online such as shopping, banking and running businesses.
“There are obvious concerns when people are using the same passwords over different accounts, especially if those accounts hold personal or financial information. We recommend that you change your password every month or so depending on the kind of account it is, rather than just doing it when prompted.”
You could update your password every month, but which conventional normal human actually does?